Skip to content

Latest commit

 

History

History
1888 lines (1472 loc) · 106 KB

fortios_monitor_fact.rst

File metadata and controls

1888 lines (1472 loc) · 106 KB
Raw
source:fortios_monitor_fact.py
orphan:

fortios_monitor_fact -- Retrieve Facts of FortiOS Monitor Objects.

.. versionadded:: 2.10

Synopsis

  • Collects monitor facts from network devices running the fortios operating system. This facts module will only collect those facts which user specified in playbook.

Requirements

The below requirements are needed on the host that executes this module.

  • install galaxy collection fortinet.fortios >= 2.0.0.

Parameters

  • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str required: False default: root
  • enable_log - Enable/Disable logging for task. type: bool required: False default: False
  • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: False
  • filters - A list of expressions to filter the returned results. type: list required: False more...
    Filter item must be in the following format: [key][operator][pattern], operators could be found in the table:
    Operator Case sensitive Description
    == Yes Pattern must be identical to the value.
    =* No Pattern must be identical to the value.
    != Yes Pattern does not match the value.
    !* No Pattern does not match the value.
    =@ No Pattern found within value.
    !@ No Pattern not found within value.
    <= n/a Value must be less than or equal to pattern.
    < n/a Value must be less than pattern.
    >= n/a Value must be greater than or equal to pattern.
    > n/a Value must be greater than pattern.
  • sorters - A list of expressions to sort the returned results. type: list required: False more...
    Sorter item must be a [key] followed by a ,asc or ,dsc order derective.
    examples: name,asc to sort the result by name in ascending order; vlanid,asc to sort the result by vlanid in descending order.
  • formatters - A list of fields to display for returned results. type: list required: False
  • selector - selector of the retrieved fortigate facts type: str choices:

  • Show full selector list...

      azure_application-list
    • azure_application-list
      • endpoint-control_avatar_download
    • endpoint-control_avatar_download - Download an endpoint avatar image.
      • default - Default avatar name ['authuser'|'unauthuser'|'authuser_72'|'unauthuser_72']. Default avatar when endpoint / device avatar is not available. If default is not set, Not found 404 is returned. type: string required: False
      • fingerprint - Avatar fingerprint. type: string required: False
      • uid - Single FortiClient UID. type: string required: False
      • user - User name of the endpoint. type: string required: False
      • endpoint-control_ems_cert-status
    • endpoint-control_ems_cert-status - Retrieve authentication status of the EMS server certificate for a specific EMS.
      • with_cert - Return detailed certificate information. Available when the certificate is authenticated by installed CA certificates. type: boolean required: False
      • ems_name - EMS server name (as defined in CLI table endpoint-control.fctems). type: string required: True
      • endpoint-control_ems_status
    • endpoint-control_ems_status - Retrieve EMS connection status for a specific EMS.
      • ems_name - EMS server name (as defined in CLI table endpoint-control.fctems). type: string required: False
      • ems_serial - EMS serial type: string required: False
      • endpoint-control_ems_status-summary
    • endpoint-control_ems_status-summary
      • endpoint-control_installer
    • endpoint-control_installer - List available FortiClient installers.
      • min_version - Filter: Minimum installer version. (String of the format n[.n[.n]]). type: string required: False
      • endpoint-control_installer_download
    • endpoint-control_installer_download - Download a FortiClient installer via FortiGuard.
      • mkey - Name of installer (image_id). type: string required: True
      • endpoint-control_profile_xml
    • endpoint-control_profile_xml - List XML representation for each endpoint-control profile.
      • mkey - Name of endpoint-control profile. type: string required: False
      • endpoint-control_record-list
    • endpoint-control_record-list - List endpoint records. This should only be used when you need to retrieve endpoint information from FortiEMS.
      • intf_name - Filter: Name of interface where the endpoint was detected. type: string required: False
      • endpoint-control_registration_summary
    • endpoint-control_registration_summary
      • endpoint-control_summary
    • endpoint-control_summary
      • extender-controller_extender
    • extender-controller_extender - Retrieve statistics for specific configured FortiExtender units.
      • type - Statistic type.'type' options are [system | modem | usage | last]. If 'type' is not specified, all types of statistics are retrieved. type: string required: False
      • id - FortiExtender ID. type: string required: True
      • name - List of FortiExtender IDs to query. type: array required: False
      • firewall_acl
    • firewall_acl
      • firewall_acl6
    • firewall_acl6
      • firewall_address-dynamic
    • firewall_address-dynamic
      • firewall_address-fqdns
    • firewall_address-fqdns
      • firewall_address-fqdns6
    • firewall_address-fqdns6
      • firewall_address6-dynamic
    • firewall_address6-dynamic
      • firewall_consolidated-policy
    • firewall_consolidated-policy - List traffic statistics for consolidated policies.
      • policyid - Filter: Policy ID. type: int required: False
      • firewall_gtp-runtime-statistics
    • firewall_gtp-runtime-statistics
      • firewall_gtp-statistics
    • firewall_gtp-statistics
      • firewall_health
    • firewall_health
      • firewall_internet-service-details
    • firewall_internet-service-details - List all details for a given Internet Service ID.
      • count - Maximum number of entries to return. Valid range is [20, 1000]; if a value is specified out of that range, it will be rounded up or down. Default value is 1000. type: int required: False
      • region_id - Filter: Region ID. type: int required: False
      • summary_only - Only return number of entries instead of entries. type: boolean required: False
      • city_id - Filter: City ID. type: int required: False
      • country_id - Filter: Country ID. type: int required: False
      • start - Starting entry index. If a value is less than zero, it will be set to zero. type: int required: False
      • id - ID of the Internet Service to get details for. type: int required: True
      • firewall_internet-service-match
    • firewall_internet-service-match - List internet services that exist at a given IP or Subnet.
      • ip - IP (in dot-decimal notation). type: string required: True
      • mask - IP Mask (in dot-decimal notation). type: string required: True
      • firewall_ippool
    • firewall_ippool
      • firewall_ippool_mapping
    • firewall_ippool_mapping - Get the list of IPv4 mappings for the specified IP pool.
      • mkey - The IP pool name. type: string required: True
      • firewall_load-balance
    • firewall_load-balance - List all firewall load balance servers.
      • count - Maximum number of entries to return. type: int required: True
      • start - Starting entry index. type: int required: False
      • firewall_local-in
    • firewall_local-in
      • firewall_multicast-policy
    • firewall_multicast-policy - List traffic statistics for IPv4 firewall multicast policies.
      • policyid - Filter: Policy ID. type: int required: False
      • firewall_multicast-policy6
    • firewall_multicast-policy6 - List traffic statistics for IPv6 firewall multicast policies.
      • policyid - Filter: Policy ID. type: int required: False
      • firewall_per-ip-shaper
    • firewall_per-ip-shaper
      • firewall_policy
    • firewall_policy - List traffic statistics for firewall policies.
      • ip_version - Filter: Traffic IP Version. [ ipv4 | ipv6 ], if left empty, will retrieve data for both ipv4 and ipv6. type: string required: False
      • policyid - Filter: Policy ID. type: int required: False
      • firewall_policy-lookup
    • firewall_policy-lookup - Performs a policy lookup by creating a dummy packet and asking the kernel which policy would be hit.
      • protocol - Protocol. type: string required: True
      • dest - Destination IP/FQDN. type: string required: True
      • icmpcode - ICMP code. type: int required: False
      • icmptype - ICMP type. type: int required: False
      • srcintf - Source interface. type: string required: True
      • ipv6 - Perform an IPv6 lookup? type: boolean required: False
      • sourceport - Source port. type: int required: False
      • sourceip - Source IP. type: string required: False
      • destport - Destination port. type: int required: False
      • firewall_policy6
    • firewall_policy6 - List traffic statistics for IPv6 policies.
      • policyid - Filter: Policy ID. type: int required: False
      • firewall_proxy-policy
    • firewall_proxy-policy - List traffic statistics for all explicit proxy policies.
      • policyid - Filter: Policy ID. type: int required: False
      • firewall_sdn-connector-filters
    • firewall_sdn-connector-filters - List all available filters for a specified SDN Fabric Connector. Used for Fabric Connector address objects.
      • connector - Name of the SDN Fabric Connector to get the filters from. type: string required: True
      • firewall_security-policy
    • firewall_security-policy - List IPS engine statistics for security policies.
      • policyid - Filter: Policy ID. type: int required: False
      • firewall_session
    • firewall_session - List all active firewall sessions (optionally filtered).
      • since - Filter: Only return sessions generated since this Unix timestamp. type: int required: False
      • protocol - Filter: Protocol name [all|igmp|tcp|udp|icmp|etc]. type: string required: False
      • web-domain - Filter: Web domain. type: string required: False
      • srcintfrole - Filter: Source interface roles. type: array required: False
      • owner - Filter: Destination owner. type: string required: False
      • srcuuid - Filter: Source UUID. type: string required: False
      • dstintfrole - Filter: Destination interface roles. type: array required: False
      • security-policyid - Filter: Security Policy ID. type: int required: False
      • natsourceaddress - Filter: NAT source address. type: string required: False
      • source - Filter: Source IP address. type: string required: False
      • destination - Filter: Destination IP address. type: string required: False
      • application - Filter: Application PROTO/PORT. (e.g. "TCP/443") type: string required: False
      • sourceport - Filter: Source port. type: int required: False
      • natsourceport - Filter: NAT source port. type: int required: False
      • start - Starting entry index. type: int required: False
      • dstuuid - Filter: Destination UUID. type: string required: False
      • username - Filter: Authenticated username. type: string required: False
      • seconds - Filter: Only return sessions generated in the last N seconds. type: int required: False
      • policyid - Filter: Policy ID. type: int required: False
      • srcintf - Filter: Source interface name. type: string required: False
      • destport - Filter: Destination port. type: int required: False
      • count - Maximum number of entries to return. Valid range is [20, 1000]; if a value is specified out of that range, it will be rounded up or down. type: int required: True
      • filter-csf - Filter: Include sessions from downstream fortigates. type: boolean required: False
      • country - Filter: Destination country name. type: string required: False
      • summary - Enable/disable inclusion of session summary (setup rate, total sessions, etc). type: boolean required: False
      • shaper - Filter: Forward traffic shaper name. type: string required: False
      • web-category - Filter: Web category. type: string required: False
      • ip_version - IP version [*ipv4 | ipv6 | ipboth]. type: string required: False
      • dstintf - Filter: Destination interface name. type: string required: False
      • firewall_shaper
    • firewall_shaper
      • firewall_uuid-list
    • firewall_uuid-list
      • firewall_uuid-type-lookup
    • firewall_uuid-type-lookup - Retrieve a mapping of UUIDs to their firewall object type for given UUIDs.
      • uuids - List of UUIDs to be resolved. type: array required: False
      • fortiguard_redirect-portal
    • fortiguard_redirect-portal
      • fortiguard_service-communication-stats
    • fortiguard_service-communication-stats - Retrieve historical statistics for communication with FortiGuard services.
      • service_type - To get stats for [forticare|fortiguard_download|fortiguard_query|forticloud_log|fortisandbox_cloud|fortiguard.com|ocvpn|sdns|fortitoken_registration|sms_service]. Defaults to all stats if not provided. type: string required: False
      • timeslot - History timeslot of stats [1_hour|24_hour|1_week]. Defaults to all timeslots if not provided. type: string required: False
      • fortiview_sandbox-file-details
    • fortiview_sandbox-file-details - Retrieve FortiSandbox analysis details for a specific file checksum.
      • checksum - Checksum of a specific file that has been analyzed by the connected FortiSandbox. type: string required: True
      • fortiview_sandbox-file-list
    • fortiview_sandbox-file-list
      • fortiview_statistics
    • fortiview_statistics - Retrieve drill-down and summary data for FortiView (both realtime and historical).
      • count - Maximum number of details to return. type: int required: False
      • end - End timestamp. type: int required: False
      • realtime - Set to true to retrieve realtime results (from kernel). type: boolean required: False
      • chart_only - Only return graph values in results. type: boolean required: False
      • sort_by - Sort by field. type: string required: False
      • filter - A map of filter keys to arrays of values. type: object required: False
      • start - Start timestamp. type: int required: False
      • sessionid - FortiView request Session ID. type: int required: False
      • report_by - Report by field. type: string required: False
      • device - FortiView source device [disk|fortianalyzer|forticloud]. type: string required: False
      • ip_version - IP version [*ipv4 | ipv6 | ipboth]. type: string required: False
      • ips_anomaly
    • ips_anomaly
      • ips_exceed-scan-range
    • ips_exceed-scan-range - Returns a list of applications that exceed the scan range from a list of application IDs.
      • ids - List of application IDs. type: array required: True
      • ips_metadata
    • ips_metadata
      • ips_rate-based
    • ips_rate-based
      • license_fortianalyzer-status
    • license_fortianalyzer-status
      • license_forticare-org-list
    • license_forticare-org-list
      • license_forticare-resellers
    • license_forticare-resellers - Get current FortiCare resellers for the requested country.
      • country_code - FortiGuard country code type: int required: False
      • license_status
    • license_status
      • log_av-archive_download
    • log_av-archive_download - Download file quarantined by AntiVirus.
      • mkey - Checksum for quarantined file. type: string required: True
      • log_current-disk-usage
    • log_current-disk-usage
      • log_device_state
    • log_device_state
      • log_event
    • log_event
      • log_fortianalyzer
    • log_fortianalyzer - Return FortiAnalyzer/FortiManager log status.
      • srcip - The IP to use to make the request to the FortiAnalyzer [|auto]. When set to "auto" it will use the FortiGate's routing table to determine the IP to make the request from. type: string required: False
      • scope - Scope from which to test the connectivity of the FortiAnalyzer address [vdom|global]. type: string required: False
      • server - FortiAnalyzer/FortiManager address. type: string required: False
      • log_fortianalyzer-queue
    • log_fortianalyzer-queue - Retrieve information on FortiAnalyzer's queue state. Note:- FortiAnalyzer logs are queued only if upload-option is realtime.
      • scope - Scope from which to retrieve FortiAnalyzer's queue state [vdom*|global]. type: string required: False
      • log_forticloud
    • log_forticloud
      • log_forticloud-report-list
    • log_forticloud-report-list
      • log_forticloud-report_download
    • log_forticloud-report_download - Download PDF report from FortiCloud.
      • inline - Set to 1 to download the report inline. type: int required: False
      • mkey - FortiCloud Report ID. type: int required: True
      • log_historic-daily-remote-logs
    • log_historic-daily-remote-logs - Returns the amount of logs in bytes sent daily to a remote logging service (FortiCloud or FortiAnalyzer).
      • server - Service name [forticloud | fortianalyzer]. type: string required: True
      • log_hourly-disk-usage
    • log_hourly-disk-usage
      • log_ips-archive_download
    • log_ips-archive_download - Download IPS/application control packet capture files. Uses configured log display device.
      • pcap_no - Packet capture roll number (required when log device is 'disk') type: int required: False
      • pcap_category - Packet capture category (required when log device is 'disk') type: int required: False
      • mkey - IPS archive ID. type: int required: True
      • log_local-report-list
    • log_local-report-list
      • log_local-report_download
    • log_local-report_download - Download local report
      • mkey - Local Report Name. type: string required: True
      • log_policy-archive_download
    • log_policy-archive_download - Download policy-based packet capture archive.
      • srcip - Source IP. type: string required: True
      • dstip - Destination IP. type: string required: True
      • mkey - Session ID (from traffic log). type: int required: True
      • log_stats
    • log_stats - Return number of logs sent by category per day for a specific log device.
      • dev - Log device [*memory | disk | fortianalyzer | forticloud]. type: string required: False
      • network_arp
    • network_arp
      • network_ddns_lookup
    • network_ddns_lookup - Check DDNS FQDN availability.
      • domain - Filter: domain to check. type: string required: True
      • network_ddns_servers
    • network_ddns_servers
      • network_dns_latency
    • network_dns_latency
      • network_fortiguard_live-services-latency
    • network_fortiguard_live-services-latency
      • network_lldp_neighbors
    • network_lldp_neighbors
      • network_lldp_ports
    • network_lldp_ports - List all active LLDP ports.
      • mkey - Filter: specific port name. type: string required: False
      • network_reverse-ip-lookup
    • network_reverse-ip-lookup - Retrieve the resolved DNS domain name for a given IP address.
      • ip - IP address (in dot-decimal notation). type: string required: True
      • nsx_instance
    • nsx_instance - List NSX instances and their resource statistics.
      • mkey - Filter: NSX SDN name. type: string required: False
      • nsx_service_status
    • nsx_service_status - Retrieve NSX service status.
      • mkey - Filter: NSX SDN name. type: string required: False
      • registration_forticloud_device-status
    • registration_forticloud_device-status - Fetch device registration status from FortiCloud. Currently FortiSwitch and FortiAP are supported.
      • serials - Serials of FortiSwitch and FortiAP to fetch registration status. type: array required: True
      • update_cache - Clear cache and retrieve updated data. type: boolean required: False
      • registration_forticloud_disclaimer
    • registration_forticloud_disclaimer
      • registration_forticloud_domains
    • registration_forticloud_domains
      • router_bgp_neighbors
    • router_bgp_neighbors
      • router_bgp_neighbors6
    • router_bgp_neighbors6
      • router_bgp_paths
    • router_bgp_paths
      • router_bgp_paths6
    • router_bgp_paths6
      • router_ipv4
    • router_ipv4 - List all active IPv4 routing table entries.
      • count - Maximum number of entries to return (Default for all routes). type: int required: False
      • ip_mask - Filter: IP/netmask. type: string required: False
      • start - Starting entry index. type: int required: False
      • interface - Filter: interface name. type: string required: False
      • type - Filter: route type. type: string required: False
      • gateway - Filter: gateway. type: string required: False
      • router_ipv6
    • router_ipv6 - List all active IPv6 routing table entries.
      • count - Maximum number of entries to return (Default for all routes). type: int required: False
      • ip_mask - Filter: IP/netmask. type: string required: False
      • start - Starting entry index. type: int required: False
      • interface - Filter: interface name. type: string required: False
      • type - Filter: route type. type: string required: False
      • gateway - Filter: gateway. type: string required: False
      • router_lookup
    • router_lookup - Performs a route lookup by querying the routing table.
      • destination - Destination IP/FQDN. type: string required: True
      • ipv6 - Perform an IPv6 lookup. type: boolean required: False
      • router_lookup-policy
    • router_lookup-policy - Performs a route lookup by querying the policy routing table.
      • protocol_number - IP Protocol Number. type: int required: False
      • destination - Destination IP/FQDN. type: string required: True
      • source - Source IP/FQDN. type: string required: False
      • ipv6 - Perform an IPv6 lookup. type: boolean required: False
      • destination_port - Destination Port. type: int required: False
      • interface_name - Incoming Interface. type: string required: False
      • router_ospf_neighbors
    • router_ospf_neighbors
      • router_policy
    • router_policy - Retrieve a list of active IPv4 policy routes.
      • count - Maximum number of entries to return. type: int required: False
      • start - Starting entry index. type: int required: False
      • count_only - Returns the number of IPv4 policy routes only. type: boolean required: False
      • router_policy6
    • router_policy6 - Retrieve a list of active IPv6 policy routes.
      • count - Maximum number of entries to return. type: int required: False
      • start - Starting entry index. type: int required: False
      • count_only - Returns the number of IPv6 policy routes only. type: boolean required: False
      • router_statistics
    • router_statistics - Retrieve routing table statistics, including number of matched routes.
      • ip_version - IP version (4|6). If not present, IPv4 and IPv6 will be returned. type: int required: False
      • ip_mask - Filter: IP/netmask. type: string required: False
      • interface - Filter: interface name. type: string required: False
      • type - Filter: route type. type: string required: False
      • gateway - Filter: gateway. type: string required: False
      • switch-controller_detected-device
    • switch-controller_detected-device
      • switch-controller_fsw-firmware
    • switch-controller_fsw-firmware - Retrieve a list of recommended firmware for managed FortiSwitches.
      • timeout - FortiGuard connection timeout (defaults to 3 seconds). type: string required: False
      • mkey - Filter: FortiSwitch ID. type: string required: False
      • switch-controller_managed-switch
    • switch-controller_managed-switch - Retrieve statistics for configured FortiSwitches
      • port_stats - Filter: Retrieve tx/rx statistics for ports of configured FortiSwitches. type: boolean required: False
      • stp_status - Filter: Retrieve STP status for ports of configured FortiSwitches. type: boolean required: False
      • igmp_snooping_group - Filter: Retrieve IGMP Snooping group for configured FortiSwitches. type: boolean required: False
      • qos_stats - Filter: Retrieve QoS statistics for ports of configured FortiSwitches. type: boolean required: False
      • transceiver - Filter: Retrieve transceiver information for ports of configured FortiSwitches. type: boolean required: False
      • poe - Filter: Retrieve PoE statistics for ports of configured FortiSwitches. Port power usage is in Watt units. type: boolean required: False
      • mkey - Filter: FortiSwitch ID. type: string required: False
      • switch-controller_managed-switch_cable-status
    • switch-controller_managed-switch_cable-status - Diagnose cable information for a port. Virtual FortiSwitches and FortiLink ports are not supported.
      • port - Name of managed FortiSwitch port. type: string required: True
      • mkey - Name of managed FortiSwitch. type: string required: True
      • switch-controller_managed-switch_dhcp-snooping
    • switch-controller_managed-switch_dhcp-snooping
      • switch-controller_managed-switch_faceplate-xml
    • switch-controller_managed-switch_faceplate-xml - Retrieve XML for rendering FortiSwitch faceplate widget.
      • mkey - Name of managed FortiSwitch. type: string required: True
      • switch-controller_managed-switch_health
    • switch-controller_managed-switch_health - Retrieve health-check statistics for managed FortiSwitches.
      • mkey - Filter: FortiSwitch ID. type: string required: False
      • switch-controller_managed-switch_transceivers
    • switch-controller_managed-switch_transceivers
      • switch-controller_matched-devices
    • switch-controller_matched-devices - Return a list of devices that match NAC and/or dynamic port policies.
      • include_dynamic - If true, include devices that match dynamic port policies. Default value is false. type: boolean required: False
      • mkey - FortiSwitch ID. Will return all devices if no ID is provided. type: string required: False
      • switch-controller_mclag-icl_eligible-peer
    • switch-controller_mclag-icl_eligible-peer - Find a pair of FortiSwitches that are eligible to form a tier-1 MCLAG.
      • fortilink - FortiLink interface name. type: string required: True
      • switch-controller_validate-switch-prefix
    • switch-controller_validate-switch-prefix - Validate a FortiSwitch serial number prefix.
      • prefix - Prefix of FortiSwitch serial number. type: string required: False
      • system_3g-modem
    • system_3g-modem
      • system_acquired-dns
    • system_acquired-dns
      • system_automation-action_stats
    • system_automation-action_stats - Statistics for automation actions.
      • mkey - Filter: Automation action name. type: string required: False
      • system_automation-stitch_stats
    • system_automation-stitch_stats - Statistics for automation stitches.
      • mkey - Filter: Automation stitch name. type: string required: False
      • system_available-certificates
    • system_available-certificates - Get available certificates.
      • scope - Scope of certificate [vdom*|global]. type: string required: False
      • with_remote - Include remote certificates. type: boolean required: False
      • with_ca - Include certificate authorities. type: boolean required: False
      • with_crl - Include certificate revocation lists. type: boolean required: False
      • system_available-interfaces
    • system_available-interfaces - Retrieve a list of all interfaces along with some meta information regarding their availability.
      • scope - Scope of interface list [vdom|global] type: string required: False
      • view_type - Optionally include additional information for interfaces. This parameter can be repeated multiple times. 'ha': Includes extra meta information useful when dealing with interfaces related to HA configuration. Interfaces that are used by an HA cluster as management interfaces are also included in this view. 'zone': Includes extra meta information for determining zone membership eligibility. 'vwp': Includes extra meta information for determining virtual wire pair eligibility. 'sdwan': Includes extra meta information for determining SD-WAN eligibility. 'switch': Includes extra meta information for determining switch eligibility. 'hard-switch': Includes extra meta information for determining hard-switch eligibility. 'limited': Includes limited information on parent interfaces that are in another VDOM. 'stat': Includes TX/RX statistics data. type: string required: False
      • system_botnet
    • system_botnet - List all known IP-based botnet entries in FortiGuard botnet database.
      • count - Maximum number of entries to return. type: int required: False
      • start - Starting entry index. type: int required: False
      • include_hit_only - Include entries with hits only. type: boolean required: False
      • system_botnet-domains
    • system_botnet-domains - List all known domain-based botnet entries in FortiGuard botnet database.
      • count - Maximum number of entries to return. type: int required: False
      • start - Starting entry index. type: int required: False
      • system_botnet-domains_hits
    • system_botnet-domains_hits
      • system_botnet-domains_stat
    • system_botnet-domains_stat
      • system_botnet_stat
    • system_botnet_stat
      • system_certificate_download
    • system_certificate_download - Download certificate.
      • scope - Scope of certificate [vdom*|global]. type: string required: False
      • type - Type of certificate [local-cer|remote-cer|local-ca|remote-ca|local-csr|crl]. type: string required: True
      • mkey - Name of certificate. type: string required: True
      • system_check-port-availability
    • system_check-port-availability - Check whether a list of TCP port ranges is available for a certain service.
      • port_ranges - List of TCP port range objects to check against. type: array required: True
      • service - The service in which the ports could be available. 'service' options are [reserved | sysglobal | webproxy | ftpproxy | sslvpn | slaprobe | fsso | ftm_push]. If 'service' is not specified, the port ranges availability is checked against all services. type: string required: False
      • system_com-log_download
    • system_com-log_download
      • system_com-log_update
    • system_com-log_update
      • system_config-error-log_download
    • system_config-error-log_download
      • system_config-revision
    • system_config-revision
      • system_config-revision_file
    • system_config-revision_file - Download a specific configuration revision.
      • config_id - Configuration id. type: int required: False
      • system_config-revision_info
    • system_config-revision_info - Retrieve meta information for a specific configuration revision.
      • config_id - Configuration id. type: int required: False
      • system_config-script
    • system_config-script
      • system_config-sync_status
    • system_config-sync_status
      • system_config_backup
    • system_config_backup - Backup system config
      • password - Password to encrypt configuration data. type: string required: False
      • usb_filename - When using 'usb' destination: the filename to save to on the connected USB device type: string required: False
      • destination - Configuration file destination [file* | usb] type: string required: False
      • vdom - If 'vdom' scope specified, the name of the VDOM to backup configuration. type: string required: False
      • scope - Specify global or VDOM only backup [global | vdom]. type: string required: True
      • system_config_usb-filelist
    • system_config_usb-filelist
      • system_csf
    • system_csf - Retrieve a full tree of downstream FortiGates registered to the Security Fabric.
      • scope - Scope from which to retrieve the Security Fabric tree [vdom*|global]. type: string required: False
      • system_csf_pending-authorizations
    • system_csf_pending-authorizations
      • system_current-admins
    • system_current-admins
      • system_debug_download
    • system_debug_download
      • system_dhcp
    • system_dhcp - List all DHCP and DHCPv6 leases.
      • interface - Filter: Retrieve DHCP leases for this interface only. type: string required: False
      • scope - Scope from which to retrieve DHCP leases [vdom*|global]. Global scope is only accessible for global administrators. type: string required: False
      • ipv6 - Include IPv6 addresses in the response. type: boolean required: False
      • system_external-resource_entry-list
    • system_external-resource_entry-list - Retrieve resource file status with a list of valid/invalid entries for the specific external resource. Empty lines and comment lines are not returned.
      • status_only - Set to true to retrieve resource file status only. (Skip valid/invalid entries.) type: boolean required: False
      • mkey - The external resource name to query. type: string required: True
      • include_notes - Set to true to retrieve notes on the resource file. type: boolean required: False
      • system_firmware
    • system_firmware
      • system_firmware_upgrade-paths
    • system_firmware_upgrade-paths
      • system_fortiguard-blacklist
    • system_fortiguard-blacklist - Retrieve blacklist information for a specified IP.
      • ip - IPv4 address to check against. type: string required: True
      • timeout - Timeout period in seconds (defaults to 5). type: int required: False
      • system_fortiguard_server-info
    • system_fortiguard_server-info
      • system_fortimanager_backup-details
    • system_fortimanager_backup-details - Get the properties of a FortiManager object.
      • datasource - Object datasource. type: string required: True
      • mkey - Object name. type: string required: True
      • system_fortimanager_backup-summary
    • system_fortimanager_backup-summary
      • system_fortimanager_status
    • system_fortimanager_status
      • system_global-resources
    • system_global-resources
      • system_ha-checksums
    • system_ha-checksums
      • system_ha-history
    • system_ha-history
      • system_ha-peer
    • system_ha-peer - Get configuration of peer(s) in HA cluster. Uptime is expressed in seconds.
      • serial_no - Serial number of the HA member. If not specified, fetch information for all HA members type: string required: False
      • vcluster_id - Virtual cluster number. If not specified, fetch information for all active vclusters type: int required: False
      • system_ha-statistics
    • system_ha-statistics
      • system_ha-table-checksums
    • system_ha-table-checksums - List of table checksums for members of HA cluster.
      • vdom_name - VDOM name of the HA member. If not specified, fetch table checksums for global. type: string required: False
      • serial_no - Serial number of the HA member. type: string required: True
      • system_interface
    • system_interface - Retrieve statistics for all system interfaces.
      • scope - Scope from which to retrieve the interface stats from [vdom|global]. type: string required: False
      • interface_name - Filter: interface name. type: string required: False
      • include_vlan - Enable to include VLANs in result list. type: boolean required: False
      • include_aggregate - Enable to include Aggregate interfaces in result list. type: boolean required: False
      • system_interface-connected-admins-info
    • system_interface-connected-admins-info - Return admins info that are connected to current interface.
      • interface - Interface that admins is connected through. type: string required: True
      • system_interface_dhcp-status
    • system_interface_dhcp-status - Retrieve the DHCP client status of an interface.
      • mkey - Name of the interface. type: string required: True
      • ipv6 - Retrieve the DHCPv6 client status. type: boolean required: False
      • system_interface_poe
    • system_interface_poe - Retrieve PoE statistics for system interfaces.
      • scope - Scope from which to retrieve the interface stats from [vdom|global] (default=vdom). type: string required: False
      • mkey - Filter: Name of the interface to fetch PoE statistics for. type: string required: False
      • system_interface_speed-test-status
    • system_interface_speed-test-status - Retrieve the current status of a speed-test with the results if finished.
      • id - ID of the speed test. type: int required: True
      • system_interface_transceivers
    • system_interface_transceivers - Get a list of transceivers being used by the FortiGate.
      • scope - Scope from which to retrieve the transceiver information from [vdom|global]. type: string required: False
      • system_ipconf
    • system_ipconf - Determine if there is an IP conflict for a specific IP using ARP.
      • devs - List of interfaces to check for conflict. type: array required: True
      • ipaddr - IPv4 address to check for conflict. type: string required: True
      • system_link-monitor
    • system_link-monitor - Retrieve per-interface statistics for active link monitors.
      • mkey - Name of link monitor. type: string required: False
      • system_modem
    • system_modem
      • system_nat46-ippools
    • system_nat46-ippools
      • system_ntp_status
    • system_ntp_status
      • system_object-tagging_usage
    • system_object-tagging_usage
      • system_object_usage
    • system_object_usage - Retrieve all objects that are currently using as well as objects that can use the given object.
      • scope - Scope of resource [vdom|global]. type: string required: False
      • q_name - The CMDB table's name type: string required: False
      • mkey - The mkey for the object type: string required: True
      • qtypes - List of CMDB table qTypes type: array required: False
      • q_path - The CMDB table's path type: string required: False
      • system_resolve-fqdn
    • system_resolve-fqdn - Resolves the provided FQDNs to FQDN -> IP mappings.
      • fqdn - List of FQDNs to be resolved type: array required: False
      • ipv6 - Resolve for the AAAA record? type: boolean required: False
      • system_resource_usage
    • system_resource_usage - Retreive current and historical usage data for a provided resource.
      • scope - Scope of resource [vdom|global]. This parameter is only applicable if the FGT is in VDOM mode. type: string required: False
      • interval - Time interval of resource usage [1-min|10-min|30-min|1-hour|12-hour|24-hour]. Defaults to all intervals if not provided. type: string required: False
      • resource - Resource to get usage data for [cpu|mem|disk|session|session6|setuprate|setuprate6|disk_lograte|faz_lograte|forticloud_lograte|gtp_tunnel|gtp_tunnel_setup_rate]. Defaults to all resources if not provided. Additionally, [npu_session|npu_session6] data is available for devices that have an NPU and [nturbo_session|nturbo_session6] data is available for NP6 devices that support NTurbo. [gtp_tunnel|gtp_tunnel_setup_rate] data is available for carrier platforms only. type: string required: False
      • system_running-processes
    • system_running-processes
      • system_sandbox_cloud-regions
    • system_sandbox_cloud-regions
      • system_sandbox_connection
    • system_sandbox_connection - Test the connection to FortiSandbox.
      • server - IP/FQDN of the FortiSandbox to test. Uses the configured FortiSandbox IP/FQDN if no server is provided. type: string required: False
      • system_sandbox_stats
    • system_sandbox_stats
      • system_sandbox_status
    • system_sandbox_status
      • system_sandbox_test-connect
    • system_sandbox_test-connect - Test the connectivity of a given FortiSandbox IP.
      • server - IP/FQDN of the FortiSandbox to test. type: string required: True
      • system_sdn-connector_nsx-security-tags
    • system_sdn-connector_nsx-security-tags - Retrieve a list of NSX security tags for connected NSX servers.
      • mkey - Filter: NSX SDN connector name. type: string required: False
      • system_sdn-connector_status
    • system_sdn-connector_status - Retrieve connection status for SDN connectors.
      • type - Filter: SDN connector type. Ignored if mkey is specified. type: string required: False
      • mkey - Filter: SDN connector name. type: string required: False
      • system_security-rating
    • system_security-rating - Retrieve a Security Rating report result. Without ID specified, returns the most recent result.
      • scope - Scope of the report [vdom*|global]. Global scope is only accessible for global administrators. type: string required: False
      • id - Report ID. type: int required: False
      • report_type - Report type to view, Security Report when unspecified. type: string required: False
      • system_security-rating_history
    • system_security-rating_history - Retrieve Security Rating history.
      • report_type - Security Rating report history to view, view Security Report when unspecified. type: string required: False
      • system_security-rating_lang
    • system_security-rating_lang - Returns the requested Security Rating language mapping.
      • key - Requested language mapping (en, fr, big5, euc-kr, GB2312, pg, sp, x-sjis). type: string required: False
      • system_security-rating_status
    • system_security-rating_status - Check if a Security Rating report is currently running.
      • progress - Query report progress. type: boolean required: False
      • id - Report ID. type: int required: False
      • report_type - Report type to view, Security Report when unspecified. type: string required: False
      • system_security-rating_supported-reports
    • system_security-rating_supported-reports
      • system_sensor-info
    • system_sensor-info
      • system_sniffer
    • system_sniffer
      • system_sniffer_download
    • system_sniffer_download - Download a stored packet capture.
      • mkey - ID of packet capture entry. type: int required: True
      • system_status
    • system_status
      • system_storage
    • system_storage
      • system_time
    • system_time
      • system_timezone
    • system_timezone
      • system_traffic-history_interface
    • system_traffic-history_interface - Retrieve history traffic stats for an interface.
      • interface - Interface name. type: string required: True
      • time_period - Time period to retrieve data for [hour | day | week]. type: string required: True
      • system_traffic-history_top-applications
    • system_traffic-history_top-applications - Retrieve top FortiView applications traffic stats by bandwidth.
      • time_period - Time period to retrieve data for [hour | day | week]. type: string required: True
      • system_trusted-cert-authorities
    • system_trusted-cert-authorities - Get trusted certifiate authorities.
      • scope - Scope of certificate [vdom*|global]. type: string required: False
      • system_usb-log
    • system_usb-log
      • system_vdom-link
    • system_vdom-link - Gets a list of all NPU VDOM Links and VDOM Links.
      • scope - Scope from which to retrieve the VDOM link informaton from [vdom|global]. type: string required: False
      • system_vdom-resource
    • system_vdom-resource
      • system_vm-information
    • system_vm-information
      • user_banned
    • user_banned
      • user_collected-email
    • user_collected-email - List email addresses collected from captive portal.
      • ipv6 - Include collected email from IPv6 users. type: boolean required: False
      • user_detected-device
    • user_detected-device - Retrieve a list of detected devices.
      • with_fortiap - Retrieve FortiAP information. type: boolean required: False
      • with_user - Retrieve authenticated user information. type: boolean required: False
      • with_endpoint - Retrieve FortiClient endpoint information. type: boolean required: False
      • with_dhcp - Retrieve DHCP lease information. type: boolean required: False
      • expand_child_macs - Include child devices as separate entries in the list. type: boolean required: False
      • with_fortilink - Retrieve FortiLink information. type: boolean required: False
      • user_device
    • user_device - Retrieve a list of detected devices.
      • master_mac - Filter: Master MAC of a device. Multiple entries could be returned. type: string required: False
      • master_only - List of master device only. type: boolean required: False
      • user_device-category
    • user_device-category
      • user_device-type
    • user_device-type
      • user_device_query
    • user_device_query - Retrieve user devices from user device store. List all the user devices if there is no filter set.
      • start - Number of entries to skip from the beginning. type: int required: False
      • number - Maximum number of entries to return. type: int required: False
      • filters - A map of filters. Type: {"key": "value"} type: object required: False
      • user_firewall
    • user_firewall - List authenticated firewall users.
      • count - Maximum number of entries to return. type: int required: False
      • start - Starting entry index. type: int required: False
      • ipv4 - Include IPv4 user (default=true). type: boolean required: False
      • ipv6 - Include IPv6 users. type: boolean required: False
      • user_fortitoken
    • user_fortitoken
      • user_fortitoken-cloud_status
    • user_fortitoken-cloud_status
      • user_fsso
    • user_fsso - Get a list of fsso and fsso polling status.
      • type - Filter: Get the status for this type of FSSO entry [fsso|fsso-polling]. type: string required: False
      • mkey - Filter: Get the status for a specific FSSO entry. `type` is required if this is set. type: string required: False
      • user_info_query
    • user_info_query - Query user info.
      • start - Number of entries to skip from the beginning. type: int required: False
      • number - Maximum number of entries to return. type: int required: False
      • filters - A list of filters. Type: {"type": string, "value": string} type: array required: True
      • user_info_thumbnail
    • user_info_thumbnail - Get user info thumbnail. Returns the first match to the filter.
      • filters - A list of filters. Type: {"type": string, "value": string} type: array required: True
      • utm_antivirus_stats
    • utm_antivirus_stats
      • utm_app-lookup
    • utm_app-lookup - Query remote FortiFlow database to resolve hosts to application control entries.
      • hosts - List of hosts to resolve. type: array required: False
      • utm_application-categories
    • utm_application-categories
      • utm_blacklisted-certificates
    • utm_blacklisted-certificates - Retrieve a list of blacklisted SSL certificates.
      • count - Maximum number of entries to return. Limit is set to 2000. type: int required: True
      • start - Starting entry index. type: int required: True
      • utm_blacklisted-certificates_statistics
    • utm_blacklisted-certificates_statistics
      • videofilter_fortiguard-categories
    • videofilter_fortiguard-categories
      • virtual-wan_health-check
    • virtual-wan_health-check
      • virtual-wan_interface-log
    • virtual-wan_interface-log - Retrieve log of SD-WAN interface quality information.
      • interface - Filter: Interface name. type: string required: False
      • seconds - Filter: Only return SLA logs generated in the last N seconds. type: int required: False
      • since - Filter: Only return SLA logs generated since this Unix timestamp. type: int required: False
      • virtual-wan_members
    • virtual-wan_members
      • virtual-wan_sla-log
    • virtual-wan_sla-log - Retrieve log of SLA probe results for for each SD-WAN SLA rule.
      • interface - Filter: Interface name. type: string required: False
      • seconds - Filter: Only return SLA logs generated in the last N seconds. type: int required: False
      • since - Filter: Only return SLA logs generated since this Unix timestamp. type: int required: False
      • sla - Filter: SLA name. type: string required: False
      • vpn_ipsec
    • vpn_ipsec - Return an array of active IPsec VPNs.
      • tunnel - Filter for a specific IPsec tunnel name. type: string required: False
      • start - Starting entry index. type: int required: False
      • count - Maximum number of entries to return. type: int required: False
      • vpn_ocvpn_members
    • vpn_ocvpn_members
      • vpn_ocvpn_meta
    • vpn_ocvpn_meta
      • vpn_ocvpn_status
    • vpn_ocvpn_status
      • vpn_one-click_members
    • vpn_one-click_members
      • vpn_one-click_status
    • vpn_one-click_status
      • vpn_ssl
    • vpn_ssl
      • vpn_ssl_stats
    • vpn_ssl_stats
      • wanopt_history
    • wanopt_history - Retrieve WAN opt. statistics history.
      • period - Statistics period [10-min*|hour|day|week|30-day]. type: string required: False
      • wanopt_peer_stats
    • wanopt_peer_stats
      • wanopt_webcache
    • wanopt_webcache - Retrieve webcache statistics history.
      • period - Statistics period [10-min*|hour|day|week|30-day]. type: string required: False
      • web-ui_custom-language_download
    • web-ui_custom-language_download - Download a custom language file.
      • filename - Name of custom language entry. type: string required: True
      • webcache_stats
    • webcache_stats - Retrieve webcache statistics.
      • period - Statistics period [10min|hour|day|month]. type: string required: False
      • webfilter_category-quota
    • webfilter_category-quota - Retrieve quota usage statistics for webfilter categories.
      • profile - Webfilter profile. type: string required: False
      • user - User or IP (required if profile specified). type: string required: False
      • webfilter_fortiguard-categories
    • webfilter_fortiguard-categories - Return FortiGuard web filter categories.
      • convert_unrated_id - Convert Unrated category id to the one for CLI use. type: boolean required: False
      • include_unrated - Include Unrated category in result list. type: boolean required: False
      • webfilter_malicious-urls
    • webfilter_malicious-urls
      • webfilter_malicious-urls_stat
    • webfilter_malicious-urls_stat
      • webfilter_override
    • webfilter_override
      • webfilter_trusted-urls
    • webfilter_trusted-urls
      • webproxy_pacfile_download
    • webproxy_pacfile_download
      • wifi_ap_status
    • wifi_ap_status
      • wifi_client
    • wifi_client - Retrieve a list of connected WiFi clients.
      • count - Maximum number of entries to return. type: int required: False
      • start - Starting entry index. type: int required: False
      • type - Request type [all*|fail-login]. type: string required: False
      • wifi_euclid
    • wifi_euclid
      • wifi_firmware
    • wifi_firmware - Retrieve a list of current and recommended firmware for FortiAPs in use.
      • timeout - FortiGuard connection timeout (defaults to 2 seconds). type: string required: False
      • wifi_interfering_ap
    • wifi_interfering_ap - Retrieve a list of interfering APs for one FortiAP radio.
      • wtp - FortiAP ID to query. type: string required: False
      • start - Starting entry index. type: int required: False
      • radio - Radio ID. type: int required: False
      • count - Maximum number of entries to return. type: int required: False
      • wifi_managed_ap
    • wifi_managed_ap - Retrieve a list of managed FortiAPs.
      • incl_local - Enable to include the local FortiWiFi device in the results. type: boolean required: False
      • wtp_id - Filter: single managed FortiAP by ID. type: string required: False
      • wifi_network_list
    • wifi_network_list
      • wifi_network_status
    • wifi_network_status
      • wifi_region-image
    • wifi_region-image - Retrieves a floorplan/region image from a configured FortiAP region.
      • region_name - Region name to retrieve image from. type: string required: True
      • wifi_rogue_ap
    • wifi_rogue_ap - Retrieve a list of detected rogue APs.
      • count - Maximum number of entries to return. type: int required: False
      • managed_ssid_only - Filter: True to include only WiFi controller managed SSIDs. type: boolean required: False
      • start - Starting entry index. type: int required: False
      • wifi_spectrum
    • wifi_spectrum - Retrieve spectrum analysis information for a specific FortiAP.
      • wtp_id - FortiAP ID to query. type: string required: True
      • wifi_vlan-probe
    • wifi_vlan-probe - Retrieve the VLAN probe results.
      • wtp - FortiAP ID. type: string required: True
      • ap_interface - FortiAP interface to send the probe on. type: int required: True
  • params - the parameter for each selector, see definition in above list.type: dict

    • Notes

    Note

    • Different selector may have different parameters, users are expected to look up them for a specific selector.
    • For some selectors, the objects are global, no params are allowed to appear.
    • Not all parameters are required for a slector.
    • This module is exclusivly for FortiOS monitor API.
    • The result of API request is stored in results.
    • There are three filtering parameters: filters, sorters and formatters, please see filtering spec for more information.

    Examples

    - hosts: fortigate03
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:

  - fortios_monitor_fact:
       vdom: ""
       enable_log: true
       formatters:
           - model_name
       filters:
           - model_name==FortiGat
       selector: 'system_status'

  - name: fact gathering
    fortios_monitor_fact:
       vdom: ""
       access_token: ""
       selector: 'firewall_acl'

  - name: fact gathering
    fortios_monitor_fact:
       vdom: ""
       access_token: ""
       selector: 'firewall_security-policy'
       params:
           policyid: '1'

    Return Values

    Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

    • build - Build number of the fortigate image returned: always type: str sample: 1547
    • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: GET
    • name - Name of the table used to fulfill the request returned: always type: str sample: firmware
    • path - Path of the table used to fulfill the request returned: always type: str sample: system
    • results - Object list retrieved from device. returned: always type: list
    • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
    • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
    • status - Indication of the operation's result returned: always type: str sample: success
    • vdom - Virtual domain used returned: always type: str sample: root
    • version - Version of the FortiGate returned: always type: str sample: v5.6.3
    • ansible_facts - The list of fact subsets collected from the device returned: always type: dict

    Status

    • This module is not guaranteed to have a backwards compatible interface.

    Authors

    • Link Zheng (@chillancezen)
    • Jie Xue (@JieX19)
    • Hongbin Lu (@fgtdev-hblu)
    • Frank Shen (@fshen01)

    Hint

    If you notice any issues in this documentation, you can create a pull request to improve it.